Vulnerability Description
The NetConfig UI administrative interface in Extreme Networks ExtremeWireless Aerohive HiveOS and IQ Engine through 10.0r8a allows attackers to execute PHP code as the root user via remote HTTP requests that insert this code into a log file and then traverse to that file.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Extremenetworks | Aerohive Netconfig | < 10.0r8a |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/164957/Aerohive-NetConfig-10.0r8a-Local-FilExploitThird Party AdvisoryVDB Entry
- https://gtacknowledge.extremenetworks.com/articles/Vulnerability_Notice/VN-2020-Vendor Advisory
- http://packetstormsecurity.com/files/164957/Aerohive-NetConfig-10.0r8a-Local-FilExploitThird Party AdvisoryVDB Entry
- https://gtacknowledge.extremenetworks.com/articles/Vulnerability_Notice/VN-2020-Vendor Advisory
FAQ
What is CVE-2020-16152?
CVE-2020-16152 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The NetConfig UI administrative interface in Extreme Networks ExtremeWireless Aerohive HiveOS and IQ Engine through 10.0r8a allows attackers to execute PHP code as the root user via remote HTTP reques...
How severe is CVE-2020-16152?
CVE-2020-16152 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2020-16152?
Check the references section above for vendor advisories and patch information. Affected products include: Extremenetworks Aerohive Netconfig.